diff --git a/community/bolt/src/main/java/org/neo4j/bolt/BoltKernelExtension.java b/community/bolt/src/main/java/org/neo4j/bolt/BoltKernelExtension.java index 2d3109e001c37..0b5085b6d83dd 100644 --- a/community/bolt/src/main/java/org/neo4j/bolt/BoltKernelExtension.java +++ b/community/bolt/src/main/java/org/neo4j/bolt/BoltKernelExtension.java @@ -276,14 +276,6 @@ private KeyStoreInformation createKeyStore( Configuration config, Log log, Adver private Authentication authentication( Config config, AuthManager authManager, LogService logService ) { - - if ( config.get( GraphDatabaseSettings.auth_enabled ) ) - { - return new BasicAuthentication( authManager, logService.getInternalLogProvider() ); - } - else - { - return Authentication.NONE; - } + return new BasicAuthentication( authManager, logService.getInternalLogProvider() ); } } diff --git a/community/bolt/src/main/java/org/neo4j/bolt/security/auth/Authentication.java b/community/bolt/src/main/java/org/neo4j/bolt/security/auth/Authentication.java index d23ed0eda61b8..7a5a22d7475b2 100644 --- a/community/bolt/src/main/java/org/neo4j/bolt/security/auth/Authentication.java +++ b/community/bolt/src/main/java/org/neo4j/bolt/security/auth/Authentication.java @@ -44,9 +44,4 @@ public interface Authentication * @throws AuthenticationException If authentication failed. */ AuthenticationResult authenticate( Map authToken ) throws AuthenticationException; - - /** - * Allows all tokens to authenticate. - */ - Authentication NONE = authToken -> AuthenticationResult.AUTH_DISABLED; } diff --git a/community/bolt/src/test/java/org/neo4j/bolt/v1/runtime/integration/SessionRule.java b/community/bolt/src/test/java/org/neo4j/bolt/v1/runtime/integration/SessionRule.java index a9b2a7510eb12..61cdb2752ec86 100644 --- a/community/bolt/src/test/java/org/neo4j/bolt/v1/runtime/integration/SessionRule.java +++ b/community/bolt/src/test/java/org/neo4j/bolt/v1/runtime/integration/SessionRule.java 
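Review bot: In `BoltKernelExtension.authentication(...)` the `config` parameter is no longer read now that the `auth_enabled` branch is gone, and nothing in the method says where the auth-disabled case is decided. Bolt now always goes through the injected `AuthManager`, so the only remaining bypass is whichever manager `createAuthManager` hands over. I would either drop the unused parameter or add a comment such as `// auth_enabled=false is handled by the injected AuthManager (its NO_AUTH variant); Bolt itself never skips the AuthManager`. The same applies to `SessionRule.authentication(...)` in the next file. Whether `BasicAuthentication` maps an auth-disabled subject to `AuthenticationResult.AUTH_DISABLED` is not visible in this diff, so a Bolt-level test with `auth_enabled=false` would be worth having alongside the procedure test added later in the commit.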
@@ -101,15 +101,7 @@ public void evaluate() throws Throwable private Authentication authentication( Config config, AuthManager authManager, LogService logService ) { - - if ( config.get( GraphDatabaseSettings.auth_enabled ) ) - { - return new BasicAuthentication( authManager, logService.getInternalLogProvider() ); - } - else - { - return Authentication.NONE; - } + return new BasicAuthentication( authManager, logService.getInternalLogProvider() ); } BoltStateMachine newMachine( String connectionDescriptor ) diff --git a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/EditionModule.java b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/EditionModule.java index 24d6764f433af..4e941e42d65d3 100644 --- a/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/EditionModule.java +++ b/community/kernel/src/main/java/org/neo4j/kernel/impl/factory/EditionModule.java @@ -137,7 +137,7 @@ public AuthManager createAuthManager( Config config, LogService logging, boolean authEnabled = config.get( GraphDatabaseSettings.auth_enabled ); if ( !authEnabled ) { - return AuthManager.NO_AUTH; + return getAuthDisabledAuthManager(); } String configuredKey = config.get( GraphDatabaseSettings.auth_manager ); @@ -176,6 +176,11 @@ public AuthManager createAuthManager( Config config, LogService logging, return authManager; } + protected AuthManager getAuthDisabledAuthManager() + { + return AuthManager.NO_AUTH; + } + private AuthManager tryMakeInOrder( Config config, LogService logging, FileSystemAbstraction fileSystem, JobScheduler jobScheduler, List authManagerFactories ) { diff --git a/enterprise/core-edge/src/main/java/org/neo4j/coreedge/core/EnterpriseCoreEditionModule.java b/enterprise/core-edge/src/main/java/org/neo4j/coreedge/core/EnterpriseCoreEditionModule.java index 21d0bd11ad83e..3ab521f886174 100644 --- a/enterprise/core-edge/src/main/java/org/neo4j/coreedge/core/EnterpriseCoreEditionModule.java 
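Review bot: In `EditionModule.createAuthManager`, the `if ( !authEnabled )` branch returns an allow-all manager without recording anything, at least within the lines shown here. A database that starts with authentication off should be easy to spot after the fact, so I would emit one warning through the `logging` service passed into the method before `return getAuthDisabledAuthManager();`, unless that is already done outside this hunk. The new protected hook also has no Javadoc. A short one should say that it is called only when `auth_enabled` is false and that overrides must return a manager of the edition's own type. The rest of `createAuthManager` lies outside the hunk.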
+++ b/enterprise/core-edge/src/main/java/org/neo4j/coreedge/core/EnterpriseCoreEditionModule.java @@ -60,7 +60,9 @@ import org.neo4j.kernel.NeoStoreDataSource; import org.neo4j.kernel.api.bolt.BoltConnectionTracker; import org.neo4j.kernel.api.exceptions.KernelException; +import org.neo4j.kernel.api.security.AuthManager; import org.neo4j.kernel.configuration.Config; +import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; import org.neo4j.kernel.impl.api.SchemaWriteGuard; import org.neo4j.kernel.impl.api.TransactionHeaderInformation; import org.neo4j.kernel.impl.api.index.RemoveOrphanConstraintIndexesOnStartup; @@ -335,4 +337,9 @@ protected BoltConnectionTracker createSessionTracker() return new StandardBoltConnectionTracker(); } + @Override + protected AuthManager getAuthDisabledAuthManager() + { + return EnterpriseAuthManager.NO_AUTH; + } } diff --git a/enterprise/core-edge/src/main/java/org/neo4j/coreedge/edge/EnterpriseEdgeEditionModule.java b/enterprise/core-edge/src/main/java/org/neo4j/coreedge/edge/EnterpriseEdgeEditionModule.java index d8479b12ed325..5ae7aec333237 100644 --- a/enterprise/core-edge/src/main/java/org/neo4j/coreedge/edge/EnterpriseEdgeEditionModule.java +++ b/enterprise/core-edge/src/main/java/org/neo4j/coreedge/edge/EnterpriseEdgeEditionModule.java @@ -51,7 +51,9 @@ import org.neo4j.kernel.DatabaseAvailability; import org.neo4j.kernel.api.bolt.BoltConnectionTracker; import org.neo4j.kernel.api.exceptions.KernelException; +import org.neo4j.kernel.api.security.AuthManager; import org.neo4j.kernel.configuration.Config; +import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; import org.neo4j.kernel.impl.api.CommitProcessFactory; import org.neo4j.kernel.impl.api.ReadOnlyTransactionCommitProcess; import org.neo4j.kernel.impl.api.TransactionCommitProcess; 
@@ -276,4 +278,10 @@ protected BoltConnectionTracker createSessionTracker() { return new StandardBoltConnectionTracker(); } + + @Override + protected AuthManager getAuthDisabledAuthManager() + { + return EnterpriseAuthManager.NO_AUTH; + } } diff --git a/enterprise/ha/src/main/java/org/neo4j/kernel/ha/factory/HighlyAvailableEditionModule.java b/enterprise/ha/src/main/java/org/neo4j/kernel/ha/factory/HighlyAvailableEditionModule.java index 3b8ca4695df46..8646c51bc5019 100644 --- a/enterprise/ha/src/main/java/org/neo4j/kernel/ha/factory/HighlyAvailableEditionModule.java +++ b/enterprise/ha/src/main/java/org/neo4j/kernel/ha/factory/HighlyAvailableEditionModule.java @@ -63,8 +63,10 @@ import org.neo4j.kernel.api.bolt.BoltConnectionTracker; import org.neo4j.kernel.api.exceptions.InvalidTransactionTypeKernelException; import org.neo4j.kernel.api.exceptions.KernelException; +import org.neo4j.kernel.api.security.AuthManager; import org.neo4j.kernel.configuration.Config; import org.neo4j.kernel.configuration.Settings; +import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; import org.neo4j.kernel.ha.BranchDetectingTxVerifier; import org.neo4j.kernel.ha.BranchedDataMigrator; import org.neo4j.kernel.ha.DelegateInvocationHandler; @@ -871,4 +873,10 @@ protected BoltConnectionTracker createSessionTracker() { return new StandardBoltConnectionTracker(); } + + @Override + protected AuthManager getAuthDisabledAuthManager() + { + return EnterpriseAuthManager.NO_AUTH; + } } diff --git a/enterprise/kernel/src/main/java/org/neo4j/kernel/enterprise/api/security/EnterpriseAuthManager.java b/enterprise/kernel/src/main/java/org/neo4j/kernel/enterprise/api/security/EnterpriseAuthManager.java new file mode 100644 index 0000000000000..0e08c14392576 --- /dev/null +++ b/enterprise/kernel/src/main/java/org/neo4j/kernel/enterprise/api/security/EnterpriseAuthManager.java 
@@ -0,0 +1,70 @@ +/* + * Copyright (c) 2002-2016 "Neo Technology," + * Network Engine for Objects in Lund AB [http://neotechnology.com] + * + * This file is part of Neo4j. + * + * Neo4j is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +package org.neo4j.kernel.enterprise.api.security; + +import java.util.Map; + +import org.neo4j.kernel.api.security.AuthManager; +import org.neo4j.kernel.api.security.exception.InvalidAuthTokenException; + +public interface EnterpriseAuthManager extends AuthManager +{ + void clearAuthCache(); + + @Override + EnterpriseAuthSubject login( Map authToken ) throws InvalidAuthTokenException; + + /** + * Implementation that does no authentication. + */ + EnterpriseAuthManager NO_AUTH = new EnterpriseAuthManager() + { + @Override + public EnterpriseAuthSubject login( Map authToken ) + { + return EnterpriseAuthSubject.AUTH_DISABLED; + } + + @Override + public void init() throws Throwable + { + } + + @Override + public void start() throws Throwable + { + } + + @Override + public void stop() throws Throwable + { + } + + @Override + public void shutdown() throws Throwable + { + } + + @Override + public void clearAuthCache() + { + } + }; +} 
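Review bot: The Javadoc on `EnterpriseAuthManager.NO_AUTH` ("Implementation that does no authentication") understates what the constant does: `login` ignores `authToken` entirely and returns `EnterpriseAuthSubject.AUTH_DISABLED` for every caller. As a public constant on a public interface it is reachable from any code, so the comment should state the contract, for example `Accepts every token, including empty or malformed ones, and returns the AUTH_DISABLED subject; install only when auth_enabled is false.` What `AUTH_DISABLED` permits is defined outside this diff, so the wording on privileges should be checked against that class. Separately, `clearAuthCache()` has no Javadoc, and the four empty lifecycle overrides could drop `throws Throwable`, since an override may declare fewer exceptions.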
diff --git a/enterprise/kernel/src/main/java/org/neo4j/kernel/impl/enterprise/EnterpriseEditionModule.java b/enterprise/kernel/src/main/java/org/neo4j/kernel/impl/enterprise/EnterpriseEditionModule.java index f0b44c6fbe718..9dfe26add165f 100644 --- a/enterprise/kernel/src/main/java/org/neo4j/kernel/impl/enterprise/EnterpriseEditionModule.java +++ b/enterprise/kernel/src/main/java/org/neo4j/kernel/impl/enterprise/EnterpriseEditionModule.java @@ -22,7 +22,9 @@ import org.neo4j.io.fs.FileSystemAbstraction; import org.neo4j.kernel.api.bolt.BoltConnectionTracker; import org.neo4j.kernel.api.exceptions.KernelException; +import org.neo4j.kernel.api.security.AuthManager; import org.neo4j.kernel.configuration.Config; +import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; import org.neo4j.kernel.impl.constraints.ConstraintSemantics; import org.neo4j.kernel.impl.enterprise.id.EnterpriseIdTypeConfigurationProvider; import org.neo4j.kernel.impl.enterprise.transaction.log.checkpoint.ConfigurableIOLimiter; @@ -106,4 +108,10 @@ protected Log authManagerLog() { return securityLog == null ? NullLog.getInstance() : securityLog; } + + @Override + protected AuthManager getAuthDisabledAuthManager() + { + return EnterpriseAuthManager.NO_AUTH; + } } diff --git a/enterprise/query-logging/src/test/java/org/neo4j/kernel/impl/query/QueryLoggerIT.java b/enterprise/query-logging/src/test/java/org/neo4j/kernel/impl/query/QueryLoggerIT.java index d06251db6872d..471045d554f63 100644 --- a/enterprise/query-logging/src/test/java/org/neo4j/kernel/impl/query/QueryLoggerIT.java +++ b/enterprise/query-logging/src/test/java/org/neo4j/kernel/impl/query/QueryLoggerIT.java 
@@ -41,7 +41,6 @@ import org.neo4j.graphdb.GraphDatabaseService; import org.neo4j.graphdb.ResourceIterator; import org.neo4j.graphdb.Result; -import org.neo4j.graphdb.config.Setting; import org.neo4j.graphdb.factory.GraphDatabaseBuilder; import org.neo4j.graphdb.factory.GraphDatabaseSettings; import org.neo4j.kernel.api.KernelTransaction; @@ -61,6 +60,7 @@ import static org.hamcrest.Matchers.not; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertThat; +import static org.neo4j.helpers.collection.MapUtil.stringMap; import static org.neo4j.kernel.api.security.AccessMode.Static.FULL; public class QueryLoggerIT @@ -94,10 +94,10 @@ public void setUp() public void shouldLogCustomUserName() throws Throwable { // turn on query logging - final Map, String> config = new HashMap<>( 2 ); - config.put( GraphDatabaseSettings.logs_directory, logsDirectory.getPath() ); - config.put( GraphDatabaseSettings.log_queries, Settings.TRUE ); - EmbeddedInteraction db = new EmbeddedInteraction( config, databaseBuilder ); + final Map config = stringMap( + GraphDatabaseSettings.logs_directory.name(), logsDirectory.getPath(), + GraphDatabaseSettings.log_queries.name(), Settings.TRUE ); + EmbeddedInteraction db = new EmbeddedInteraction( databaseBuilder, config ); // create users db.getLocalUserManager().newUser( "mats", "neo4j", false ); @@ -132,7 +132,7 @@ public void shouldLogTXMetaDataInQueryLog() throws Throwable // turn on query logging databaseBuilder.setConfig( GraphDatabaseSettings.logs_directory, logsDirectory.getPath() ); databaseBuilder.setConfig( GraphDatabaseSettings.log_queries, Settings.TRUE ); - EmbeddedInteraction db = new EmbeddedInteraction( Collections.emptyMap(), databaseBuilder ); + EmbeddedInteraction db = new EmbeddedInteraction( databaseBuilder, Collections.emptyMap() ); GraphDatabaseFacade graph = db.getLocalGraph(); db.getLocalUserManager().setUserPassword( "neo4j", "123", false ); 
diff --git a/enterprise/security/src/main/java/org/neo4j/commandline/admin/security/RolesCommand.java b/enterprise/security/src/main/java/org/neo4j/commandline/admin/security/RolesCommand.java index 5965f76a9c39f..1ece3d50cc65b 100644 --- a/enterprise/security/src/main/java/org/neo4j/commandline/admin/security/RolesCommand.java +++ b/enterprise/security/src/main/java/org/neo4j/commandline/admin/security/RolesCommand.java @@ -42,7 +42,7 @@ import org.neo4j.logging.NullLog; import org.neo4j.logging.NullLogProvider; import org.neo4j.server.configuration.ConfigLoader; -import org.neo4j.server.security.enterprise.auth.EnterpriseAuthManager; +import org.neo4j.server.security.enterprise.auth.EnterpriseAuthAndUserManager; import org.neo4j.server.security.enterprise.auth.EnterpriseAuthManagerFactory; import org.neo4j.server.security.enterprise.auth.RoleRepository; @@ -86,7 +86,7 @@ public AdminCommand create( Path homeDir, Path configDir, OutsideWorld outsideWo private final Path configDir; private OutsideWorld outsideWorld; private JobScheduler jobScheduler; - private EnterpriseAuthManager authManager; + private EnterpriseAuthAndUserManager authManager; public RolesCommand( Path homeDir, Path configDir, OutsideWorld outsideWorld ) { @@ -194,14 +194,14 @@ private void listRoles( String roleName ) throws Throwable private void createRole( String roleName ) throws Throwable { - EnterpriseAuthManager authManager = getAuthManager(); + EnterpriseAuthAndUserManager authManager = getAuthManager(); authManager.getUserManager().newRole( roleName ); outsideWorld.stdOutLine( "Created new role '" + roleName + "'" ); } private void deleteRole( String roleName ) throws Throwable { - EnterpriseAuthManager authManager = getAuthManager(); + EnterpriseAuthAndUserManager authManager = getAuthManager(); authManager.getUserManager().getRole( roleName ); // Will throw error on missing role if ( authManager.getUserManager().deleteRole( roleName ) ) { 
@@ -215,7 +215,7 @@ private void deleteRole( String roleName ) throws Throwable private void assignRole( String roleName, String username ) throws Throwable { - EnterpriseAuthManager authManager = getAuthManager(); + EnterpriseAuthAndUserManager authManager = getAuthManager(); authManager.getUserManager().getRole( roleName ); // Will throw error on missing role authManager.getUserManager().getUser( username ); // Will throw error on missing user for ( String name : authManager.getUserManager().getUsernamesForRole( roleName ) ) @@ -231,7 +231,7 @@ private void assignRole( String roleName, String username ) throws Throwable private void removeRole( String roleName, String username ) throws Throwable { - EnterpriseAuthManager authManager = getAuthManager(); + EnterpriseAuthAndUserManager authManager = getAuthManager(); authManager.getUserManager().getRole( roleName ); // Will throw error on missing role authManager.getUserManager().getUser( username ); // Will throw error on missing user for ( String name : authManager.getUserManager().getUsernamesForRole( roleName ) ) @@ -248,7 +248,7 @@ private void removeRole( String roleName, String username ) throws Throwable private void rolesFor( String username ) throws Throwable { - EnterpriseAuthManager authManager = getAuthManager(); + EnterpriseAuthAndUserManager authManager = getAuthManager(); authManager.getUserManager().getUser( username ); // Will throw error on missing user for ( String roleName : authManager.getUserManager().getRoleNamesForUser( username ) ) { @@ -258,7 +258,7 @@ private void rolesFor( String username ) throws Throwable private void usersFor( String roleName ) throws Throwable { - EnterpriseAuthManager authManager = getAuthManager(); + EnterpriseAuthAndUserManager authManager = getAuthManager(); authManager.getUserManager().getRole( roleName ); // Will throw error on missing role for ( String username : authManager.getUserManager().getUsernamesForRole( roleName ) ) { 
@@ -291,7 +291,7 @@ private RoleRepository getRoleRepository() throws Throwable return repo; } - private EnterpriseAuthManager getAuthManager() throws Throwable + private EnterpriseAuthAndUserManager getAuthManager() throws Throwable { if ( this.authManager == null ) { diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManager.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthAndUserManager.java similarity index 85% rename from enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManager.java rename to enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthAndUserManager.java index c5e51b545333d..03f38175d91fc 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManager.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthAndUserManager.java @@ -19,13 +19,11 @@ */ package org.neo4j.server.security.enterprise.auth; -import org.neo4j.kernel.api.security.AuthManager; +import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; import org.neo4j.server.security.auth.UserManagerSupplier; -public interface EnterpriseAuthManager extends AuthManager, UserManagerSupplier +public interface EnterpriseAuthAndUserManager extends EnterpriseAuthManager, UserManagerSupplier { @Override EnterpriseUserManager getUserManager(); - - void clearAuthCache(); } diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java index e1f337dccebac..14a3da36d3a2a 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java 
+++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/EnterpriseAuthManagerFactory.java @@ -64,7 +64,7 @@ public EnterpriseAuthManagerFactory() } @Override - public EnterpriseAuthManager newInstance( Config config, LogProvider logProvider, Log allegedSecurityLog, + public EnterpriseAuthAndUserManager newInstance( Config config, LogProvider logProvider, Log allegedSecurityLog, FileSystemAbstraction fileSystem, JobScheduler jobScheduler ) { // StaticLoggerBinder.setNeo4jLogProvider( logProvider ); diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java index e1a8e383b0070..04405e06099b8 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/MultiRealmAuthManager.java @@ -49,7 +49,7 @@ import static org.neo4j.helpers.Strings.escape; -class MultiRealmAuthManager implements EnterpriseAuthManager +class MultiRealmAuthManager implements EnterpriseAuthAndUserManager { private final EnterpriseUserManager userManager; private final Collection realms; diff --git a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/StandardEnterpriseAuthSubject.java b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/StandardEnterpriseAuthSubject.java index 90742176e76e3..ec7e1cae711b1 100644 --- a/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/StandardEnterpriseAuthSubject.java +++ b/enterprise/security/src/main/java/org/neo4j/server/security/enterprise/auth/StandardEnterpriseAuthSubject.java 
@@ -35,7 +35,7 @@ public class StandardEnterpriseAuthSubject implements EnterpriseAuthSubject static final String READ_WRITE = "data:read,write"; static final String READ = "data:read"; - private final EnterpriseAuthManager authManager; + private final EnterpriseAuthAndUserManager authManager; private final ShiroSubject shiroSubject; public static StandardEnterpriseAuthSubject castOrFail( AuthSubject authSubject ) @@ -43,7 +43,7 @@ public static StandardEnterpriseAuthSubject castOrFail( AuthSubject authSubject return EnterpriseAuthSubject.castOrFail( StandardEnterpriseAuthSubject.class, authSubject ); } - public StandardEnterpriseAuthSubject( EnterpriseAuthManager authManager, ShiroSubject shiroSubject ) + public StandardEnterpriseAuthSubject( EnterpriseAuthAndUserManager authManager, ShiroSubject shiroSubject ) { this.authManager = authManager; this.shiroSubject = shiroSubject; diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/BoltInteraction.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/BoltInteraction.java index 25781902e39a6..a9495a135f225 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/BoltInteraction.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/BoltInteraction.java @@ -50,6 +50,7 @@ import org.neo4j.kernel.api.exceptions.Status; import org.neo4j.kernel.api.security.AuthSubject; import org.neo4j.kernel.api.security.AuthenticationResult; +import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; import org.neo4j.kernel.impl.coreapi.InternalTransaction; import org.neo4j.kernel.impl.factory.GraphDatabaseFacade; import org.neo4j.test.TestEnterpriseGraphDatabaseFactory; @@ -93,9 +94,13 @@ class BoltInteraction implements NeoInteractionLevel extends ProcedureInteractionTestBase 
@@ -296,6 +296,39 @@ public void shouldListQueriesEvenIfUsingPeriodicCommit() throws Throwable } } + @Test + public void shouldListAllQueriesWithAuthDisabled() throws Throwable + { + neo.tearDown(); + neo = setUpNeoServer( stringMap( GraphDatabaseSettings.auth_enabled.name(), "false" ) ); + + DoubleLatch latch = new DoubleLatch( 2, true ); + OffsetDateTime startTime = OffsetDateTime.now(); + + ThreadedTransaction read = new ThreadedTransaction<>( neo, latch ); + + String q = read.execute( threading, neo.login( "user1", "" ), "UNWIND [1,2,3] AS x RETURN x" ); + latch.startAndWaitForAllToStart(); + + String query = "CALL dbms.listQueries()"; + try + { + assertSuccess( neo.login( "admin", "" ), query, r -> + { + Set> maps = r.stream().collect( Collectors.toSet() ); + + Matcher> thisQuery = listedQueryOfInteractionLevel( startTime, "", query ); // admin + Matcher> matcher1 = listedQuery( startTime, "", q ); // user1 + assertThat( maps, matchesOneToOneInAnyOrder( matcher1, thisQuery ) ); + } ); + } + finally + { + latch.finishAndWaitForAllToFinish(); + } + read.closeAndAssertSuccess(); + } + //---------- terminate query ----------- @SuppressWarnings( "unchecked" ) diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/EmbeddedInteraction.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/EmbeddedInteraction.java index a2dff7041b35f..1bed1fb4bf259 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/EmbeddedInteraction.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/EmbeddedInteraction.java 
@@ -25,13 +25,13 @@ import org.neo4j.bolt.BoltKernelExtension; import org.neo4j.graphdb.ResourceIterator; -import org.neo4j.graphdb.config.Setting; import org.neo4j.graphdb.factory.GraphDatabaseBuilder; import org.neo4j.graphdb.factory.GraphDatabaseSettings; import org.neo4j.graphdb.mockfs.EphemeralFileSystemAbstraction; import org.neo4j.io.fs.FileSystemAbstraction; import org.neo4j.kernel.api.KernelTransaction; import org.neo4j.kernel.api.security.AuthenticationResult; +import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthSubject; import org.neo4j.kernel.impl.coreapi.InternalTransaction; import org.neo4j.kernel.impl.factory.GraphDatabaseFacade; 
@@ -46,29 +46,24 @@ public class EmbeddedInteraction implements NeoInteractionLevel { private GraphDatabaseFacade db; - private MultiRealmAuthManager manager; - private EnterpriseUserManager userManager; + private EnterpriseAuthManager authManager; private FileSystemAbstraction fileSystem; EmbeddedInteraction( Map config ) throws Throwable { TestEnterpriseGraphDatabaseFactory factory = new TestEnterpriseGraphDatabaseFactory(); factory.setFileSystem( new EphemeralFileSystemAbstraction() ); - GraphDatabaseBuilder builder = factory.newImpermanentDatabaseBuilder().setConfig( config ); + GraphDatabaseBuilder builder = factory.newImpermanentDatabaseBuilder(); this.fileSystem = factory.getFileSystem(); - init( builder ); + init( builder, config ); } - public EmbeddedInteraction( Map, String> config, GraphDatabaseBuilder builder ) throws Throwable + public EmbeddedInteraction( GraphDatabaseBuilder builder, Map config ) throws Throwable { - for ( Map.Entry,String> entry : config.entrySet() ) - { - builder.setConfig( entry.getKey(), entry.getValue() ); - } - init( builder ); + init( builder, config ); } - private void init( GraphDatabaseBuilder builder ) throws Throwable + private void init( GraphDatabaseBuilder builder, Map config ) throws Throwable { builder.setConfig( boltConnector( "0" ).enabled, "true" ); builder.setConfig( boltConnector( "0" ).encryption_level, OPTIONAL.name() ); 
@@ -77,17 +72,23 @@ private void init( GraphDatabaseBuilder builder ) throws Throwable NeoInteractionLevel.tempPath( "cert", ".cert" ) ); builder.setConfig( GraphDatabaseSettings.auth_enabled, "true" ); builder.setConfig( GraphDatabaseSettings.auth_manager, "enterprise-auth-manager" ); + + builder.setConfig( config ); + db = (GraphDatabaseFacade) builder.newGraphDatabase(); - manager = db.getDependencyResolver().resolveDependency( MultiRealmAuthManager.class ); - manager.init(); - manager.start(); - userManager = manager.getUserManager(); + authManager = db.getDependencyResolver().resolveDependency( EnterpriseAuthManager.class ); + authManager.init(); + authManager.start(); } @Override - public EnterpriseUserManager getLocalUserManager() + public EnterpriseUserManager getLocalUserManager() throws Exception { - return userManager; + if ( authManager instanceof EnterpriseAuthAndUserManager ) + { + return ((EnterpriseAuthAndUserManager) authManager).getUserManager(); + } + throw new Exception( "The configuration used does not have a user manager" ); } @Override @@ -126,7 +127,7 @@ public String executeQuery( EnterpriseAuthSubject subject, String call, Map { - EnterpriseUserManager getLocalUserManager(); + EnterpriseUserManager getLocalUserManager() throws Exception; GraphDatabaseFacade getLocalGraph(); diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/ProcedureInteractionTestBase.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/ProcedureInteractionTestBase.java index 7365fffa7692b..e1d9aa4a334fa 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/ProcedureInteractionTestBase.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/ProcedureInteractionTestBase.java 
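Review bot: `EmbeddedInteraction.getLocalUserManager()` now throws a bare `Exception`, which forces `throws Exception` onto `NeoInteractionLevel.getLocalUserManager()` and every caller. An unchecked exception expresses "this configuration has no user manager" without widening the interface: `throw new IllegalStateException( "The configuration used does not have a user manager" );`. `RESTInteraction.getLocalUserManager()` later in the commit has the same pattern with a slightly different message, and the two should match. In `init`, `builder.setConfig( config )` is applied after the hard-coded `auth_enabled=true`, so the caller's map can switch authentication off. That looks intentional for the new auth-disabled test, and a one-line comment like `// caller config is applied last so tests can override the defaults above` would make it explicit. `init` begins in the previous hunk.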
@@ -39,7 +39,6 @@ import org.neo4j.bolt.v1.transport.integration.TransportTestUtil; import org.neo4j.bolt.v1.transport.socket.client.SocketConnection; import org.neo4j.bolt.v1.transport.socket.client.TransportConnection; -import org.neo4j.graphdb.DependencyResolver; import org.neo4j.graphdb.GraphDatabaseService; import org.neo4j.graphdb.ResourceIterator; import org.neo4j.graphdb.factory.GraphDatabaseSettings; diff --git a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/ThreadedTransaction.java b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/ThreadedTransaction.java index dbea9b070c45d..c0dd5509f85f3 100644 --- a/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/ThreadedTransaction.java +++ b/enterprise/security/src/test/java/org/neo4j/server/security/enterprise/auth/ThreadedTransaction.java @@ -80,40 +80,39 @@ private String[] doExecute( @Override public Throwable apply( S subject ) { - try + try ( InternalTransaction tx = neo.beginLocalTransactionAsUser( subject, txType ) ) { - try ( InternalTransaction tx = neo.beginLocalTransactionAsUser( subject, txType ) ) + Result result = null; + try { - Result result = null; - try + if ( startEarly ) { - if ( startEarly ) - { - latch.start(); - } - for ( String query : queries ) - { - if ( result != null ) - { - result.close(); - } - result = neo.getLocalGraph().execute( query ); - } - if ( !startEarly ) + latch.start(); + } + for ( String query : queries ) + { + if ( result != null ) { - latch.startAndWaitForAllToStart(); + result.close(); } + result = neo.getLocalGraph().execute( query ); + } + if ( !startEarly ) + { + latch.startAndWaitForAllToStart(); } - catch (Throwable t) + } + finally + { + if ( !startEarly ) { - latch.finish(); - return t; + latch.start(); } latch.finishAndWaitForAllToFinish(); - result.close(); - tx.success(); - return null; } + result.close(); + tx.success(); + return null; } catch (Throwable t) { 
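Review bot: In `ThreadedTransaction.apply`, `result.close()` sits after the `finally` block, so the last `Result` is never closed explicitly when a query throws, and `result` is still null at that point if `queries` is empty. Closing it inside the `finally`, after the latch wait so the query stays listed while other threads inspect it, covers both cases: `if ( result != null ) { result.close(); }`. The failure path also now blocks in `latch.finishAndWaitForAllToFinish()` where the old code called the non-blocking `latch.finish()`. That is probably what the test needs, but it should be confirmed that a failing worker cannot stall the other participants. The outer `catch (Throwable t)` body continues outside the hunk.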
diff --git a/enterprise/server-enterprise/src/test/java/org/neo4j/server/rest/security/RESTInteraction.java b/enterprise/server-enterprise/src/test/java/org/neo4j/server/rest/security/RESTInteraction.java index dabb2d725de5d..8877ce1a99b6e 100644 --- a/enterprise/server-enterprise/src/test/java/org/neo4j/server/rest/security/RESTInteraction.java +++ b/enterprise/server-enterprise/src/test/java/org/neo4j/server/rest/security/RESTInteraction.java @@ -47,7 +47,8 @@ import org.neo4j.server.helpers.CommunityServerBuilder; import org.neo4j.server.rest.domain.JsonHelper; import org.neo4j.server.rest.domain.JsonParseException; -import org.neo4j.server.security.enterprise.auth.EnterpriseAuthManager; +import org.neo4j.kernel.enterprise.api.security.EnterpriseAuthManager; +import org.neo4j.server.security.enterprise.auth.EnterpriseAuthAndUserManager; import org.neo4j.server.security.enterprise.auth.EnterpriseUserManager; import org.neo4j.server.security.enterprise.auth.NeoInteractionLevel; import org.neo4j.test.server.HTTP; 
@@ -68,30 +69,36 @@ class RESTInteraction extends CommunityServerTestBase implements NeoInteractionL EnterpriseAuthManager authManager; - RESTInteraction( Map config ) throws IOException + RESTInteraction( Map config ) throws IOException { CommunityServerBuilder builder = EnterpriseServerBuilder.server(); - for ( Map.Entry entry : config.entrySet() ) - { - builder = builder.withProperty( entry.getKey(), entry.getValue() ); - } - this.server = builder.withProperty( boltConnector( "0" ).enabled.name(), "true" ) + builder = builder + .withProperty( boltConnector( "0" ).enabled.name(), "true" ) .withProperty( boltConnector( "0" ).encryption_level.name(), OPTIONAL.name() ) .withProperty( BoltKernelExtension.Settings.tls_key_file.name(), - NeoInteractionLevel.tempPath( "key", ".key" ) ) + NeoInteractionLevel.tempPath( "key", ".key" ) ) .withProperty( BoltKernelExtension.Settings.tls_certificate_file.name(), - NeoInteractionLevel.tempPath( "cert", ".cert" ) ) + NeoInteractionLevel.tempPath( "cert", ".cert" ) ) .withProperty( GraphDatabaseSettings.auth_enabled.name(), Boolean.toString( true ) ) - .withProperty( GraphDatabaseSettings.auth_manager.name(), "enterprise-auth-manager" ) - .build(); + .withProperty( GraphDatabaseSettings.auth_manager.name(), "enterprise-auth-manager" ); + + for ( Map.Entry entry : config.entrySet() ) + { + builder = builder.withProperty( entry.getKey(), entry.getValue() ); + } + this.server = builder.build(); this.server.start(); authManager = this.server.getDependencyResolver().resolveDependency( EnterpriseAuthManager.class ); } @Override - public EnterpriseUserManager getLocalUserManager() + public EnterpriseUserManager getLocalUserManager() throws Exception { - return authManager.getUserManager(); + if ( authManager instanceof EnterpriseAuthAndUserManager ) + { + return ((EnterpriseAuthAndUserManager) authManager).getUserManager(); + } + throw new Exception("The used configuration does not have a user manager"); } @Override